Architecture for fuzzing lab?

Hi,

Beginners could get confused about what kind of architecture a fuzzing lab should comprise.
Basically, there should be something to request and something to respond. So in most cases it's a server-client architecture.

Server: A node which would be hosting or generating fuzz files.
Client: A node which would access/load those hosted/generated files in an application to check if it crashes.

The application could be anything that interests a researcher, and accordingly fuzz files need to be hosted on the server or generated there on the fly. Some like generating the fuzz files of their interest and hosting them on the server. In contrast, some like generating them on the fly. Today, the focus of this write-up is a bit on 'generating & hosting' files.

Disclaimer: I am no expert on this; just sharing what I've observed and understood so far.

Generating & Hosting Files on Server:

On a smaller scale, a researcher could have just a single machine hosting his/her server (LAMP/WAMP) and client node. That's fine for testing out fuzzer code (write your own from scratch) and some basic tests. But one should improve the hardware gradually, if serious about it.

My suggestions:
1. Use Linux: There could be a requirement to generate millions of test cases (fuzz cases). Unfortunately, file generation starts crawling on Windows once it has generated more than a million files in a single directory. In my test, the same code started crawling after generating 1.1M files on Windows but worked perfectly on Linux even after generating 2.4M files (I did not go beyond that).

2. If using LAMP, Apache would need to be customized to withstand your test DDoS attack on it. Fuzzing goes in spikes. Most of the test cases wouldn't bother the application anyway. A few could cause minor glitches and a few could simply hang the application. Assume your lab has 10 client nodes & 1 server. When the applications on those 10 nodes are processing fuzz cases without glitches, Apache is serving quite a lot of requests concurrently, and there starts the DDoS on it. With 10 nodes, it just wouldn't be 10 requests/second. Based on the researcher's code, it could grow manyfold.

3. Use mpm_event: With LAMP, the MPM (multi-processing module) that comes by default is mpm_prefork. It has to be replaced to meet fuzz lab requirements. mpm_event is the latest stable member and is highly recommended for concurrency.
My tests have shown that mpm_prefork failed serving more than 7 client nodes but mpm_event served 24 nodes perfectly (not sure what its limit is).

PS: It would be appreciated if people shared their experiences as well.

[*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
------> become the master!!!
[*] Everyone has a will to WIN but very few have the will to prepare to WIN
[*] Invest yourself in everything you do, there's fun in being serious
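
Added example, not part of the original post: one way to keep a corpus of millions of fuzz files out of a single directory (the slowdown described in suggestion 1) is to shard cases into bounded subdirectories and derive each case from its number so it can be rebuilt later. This goes beyond the post, which only recommends Linux; the function names, the 1000-files-per-directory cap, the byte-overwrite mutation and the sample seed are all assumptions made for illustration.

```python
import os
import random
import tempfile

FILES_PER_DIR = 1000  # assumed cap per directory, far below the ~1M files where the post saw slowdowns


def case_path(case_id, files_per_dir=FILES_PER_DIR):
    """Relative path for a case: leaf directories hold at most files_per_dir files,
    and each top-level directory holds at most files_per_dir leaf directories."""
    top, sub = divmod(case_id // files_per_dir, files_per_dir)
    return os.path.join(f"{top:04d}", f"{sub:04d}", f"case_{case_id:09d}.bin")


def make_case(seed, case_id, run_seed=1234, max_flips=8):
    """Mutate the seed file with an RNG derived from the case number, so any
    case (for example one that crashed a client) can be rebuilt from its id."""
    if not seed:
        raise ValueError("seed file is empty")
    rng = random.Random(run_seed * 2**32 + case_id)
    data = bytearray(seed)
    for _ in range(rng.randint(1, max_flips)):
        data[rng.randrange(len(data))] = rng.randrange(256)  # overwrite one byte
    return bytes(data)


def generate(root, seed, count, start=0, files_per_dir=FILES_PER_DIR):
    """Write cases start..start+count-1 under root; returns the relative paths written."""
    written = []
    for case_id in range(start, start + count):
        rel = case_path(case_id, files_per_dir)
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(make_case(seed, case_id))
        written.append(rel)
    return written


def largest_dir(root):
    """Largest number of files found in any single directory under root."""
    return max((len(files) for _, _, files in os.walk(root)), default=0)


if __name__ == "__main__":
    seed = b"GIF89a" + bytes(64)  # constructed sample seed, not a real corpus file
    with tempfile.TemporaryDirectory() as root:
        generate(root, seed, 2500)
        print("files in largest directory:", largest_dir(root))
```

If `root` sits under the web server's document root, a client node can compute the same relative path from a case number and request it directly, without the server having to list a directory.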